Integer Overflow Vulnerability in RedisTimeSeries Module by Redis
CVE-2024-51480
Currently unrated
Summary
The RedisTimeSeries module is susceptible to an integer overflow vulnerability triggered by specially crafted command arguments. When an authenticated user executes commands such as TS.QUERYINDEX, TS.MGET, TS.MRANGE, and TS.MREVRANGE, the flaw may lead to a heap overflow, potentially allowing an attacker to execute code remotely on the affected system. The vulnerability is fixed in versions 1.6.20, 1.8.15, 1.10.15, and 1.12.3.
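To check deployed instances against the fixed releases listed above, the following added example (not code from Redis or from this advisory) classifies a RedisTimeSeries module version per release line. It assumes the `ver` integer reported by `MODULE LIST` encodes the version as major*10000 + minor*100 + patch, and that release lines newer than 1.12 include the fix; the host names and inventory are constructed.

```python
# Added example: triage RedisTimeSeries versions against CVE-2024-51480.
# Fixed releases per release line, taken from the advisory text.
FIXED = {(1, 6): 20, (1, 8): 15, (1, 10): 15, (1, 12): 3}


def decode_module_ver(ver):
    """Decode the integer 'ver' field from MODULE LIST.

    Assumption: the module encodes major*10000 + minor*100 + patch.
    """
    return ver // 10000, (ver // 100) % 100, ver % 100


def classify(version):
    """Return 'patched', 'vulnerable' or 'unlisted' for (major, minor, patch)."""
    major, minor, patch = version
    line = (major, minor)
    if line in FIXED:
        return "patched" if patch >= FIXED[line] else "vulnerable"
    if line > max(FIXED):
        # Assumption: release lines newer than 1.12 carry the fix.
        return "patched"
    # The advisory names no fixed release on this line; treat it as needing
    # an upgrade to a listed release rather than as safe.
    return "unlisted"


def needs_upgrade(inventory):
    """Return hosts whose module version is not known to be patched."""
    return [host for host, ver in inventory
            if classify(decode_module_ver(ver)) != "patched"]


# Constructed inventory: (host, 'ver' value as reported by MODULE LIST).
SAMPLE_INVENTORY = [
    ("cache-a", 10620),   # 1.6.20
    ("cache-b", 11014),   # 1.10.14
    ("cache-c", 11203),   # 1.12.3
    ("legacy", 10408),    # 1.4.8
]

if __name__ == "__main__":
    for host, ver in SAMPLE_INVENTORY:
        print(host, decode_module_ver(ver), classify(decode_module_ver(ver)))
```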